Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 1)
During which step in the installation process is it necessary to note the fingerprint for first-time verification?
A. When configuring the Security Gateway object in SmartDashboard
B. When configuring the Security Management Server using cpconfig
C. When establishing SIC between the Security Management Server and the Gateway
D. When configuring the Gateway in the WebUI
Answer: B
Q2. - (Topic 1)
A snapshot delivers a complete SecurePlatform backup. The resulting file can be stored on servers or as a local file in /var/CPsnapshot/snapshots. How do you restore a local snapshot named MySnapshot.tgz?
A. As expert user, type the command revert --file MySnapshot.tgz.
B. As expert user, type the command snapshot -r MySnapshot.tgz.
C. As expert user, type the command snapshot - R to restore from a local file. Then, provide the correct file name.
D. Reboot the system and call the start menu. Select the option Snapshot Management, provide the Expert password and select [L] for a restore from a local file. Then, provide the correct file name.
Answer: A
Q3. - (Topic 2)
You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:
"web_public_IP" is the node object that represents the new Web server's public IP address. "web_private_IP" is the node object that represents the new Web site's private IP address. You enable all settings from Global Properties > NAT.
When you try to browse the Web server from the Internet you see the error "page cannot be displayed". Which of the following is NOT a possible reason?
A. There is no route defined on the Security Gateway for the public IP address to the Web server's private IP address.
B. There is no ARP table entry for the protected Web server's public IP address.
C. There is no Security Policy defined that allows HTTP traffic to the protected Web server.
D. There is no NAT rule translating the source IP address of packets coming from the protected Web server.
Answer: D
Q4. - (Topic 3)
What gives administrators more flexibility when configuring Captive Portal instead of LDAP query for Identity Awareness authentication?
A. Captive Portal is more secure than standard LDAP
B. Captive Portal is more transparent to the user
C. Nothing, LDAP query is required when configuring Captive Portal
D. Captive Portal works with both configured users and guests
Answer: D
Q5. - (Topic 3)
How do you configure an alert in SmartView Monitor?
A. By right-clicking on the Gateway, and selecting Properties.
B. By choosing the Gateway, and Configure Thresholds.
C. An alert cannot be configured in SmartView Monitor.
D. By right-clicking on the Gateway, and selecting System Information.
Answer: B
Q6. - (Topic 3)
Identity Awareness is implemented to manage access to protected resources based on a user’s _____________.
A. Application requirement
B. Computer MAC address
C. Identity
D. Time of connection
Answer: C
Q7. - (Topic 3)
Which of the following items should be configured for the Security Management Server to authenticate via LDAP?
A. Windows logon password
B. Active Directory Server object
C. WMI object
D. Check Point Password
Answer: B
Q8. - (Topic 3)
The R77 fw monitor utility is used to troubleshoot which of the following problems?
A. User data base corruption
B. Traffic issues
C. Phase two key negotiation
D. Log Consolidation Engine
Answer: B
Q9. - (Topic 3)
Which of the following firewall modes DOES NOT allow for Identity Awareness to be deployed?
A. Bridge
B. High Availability
C. Load Sharing
D. Fail Open
Answer: A
Q10. - (Topic 1)
Which of the following statements accurately describes the command upgrade_export?
A. Used primarily when upgrading the Security Management Server, upgrade_export stores all object databases and the /conf directories for importing to a newer Security Gateway version.
B. upgrade_export stores network-configuration data, objects, global properties, and the database revisions prior to upgrading the Security Management Server.
C. This command is no longer supported in GAiA.
D. upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included or excluded before exporting.
Answer: A
Q11. - (Topic 3)
Access Role objects define users, machines, and network locations as:
A. One object
B. Credentialed objects
C. Separate objects
D. Linked objects
Answer: A
Q12. - (Topic 3)
Why should the upgrade_export configuration file (.tgz) be deleted after you complete the import process?
A. It contains your security configuration, which could be exploited.
B. It will prevent a future successful upgrade_export since the .tgz file cannot be overwritten.
C. SmartUpdate will start a new installation process if the machine is rebooted.
D. It will conflict with any future upgrades when using SmartUpdate.
Answer: A
Q13. - (Topic 2)
You are working with multiple Security Gateways that enforce an extensive number of rules. To simplify security administration, which one of the following would you choose to do?
A. Create network objects that restrict all applicable rules to only certain networks.
B. Run separate SmartConsole instances to login and configure each Security Gateway directly.
C. Create a separate Security Policy package for each remote Security Gateway.
D. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.
Answer: C
Q14. - (Topic 2)
All of the following are Security Gateway control connections defined by default implied rules, EXCEPT:
A. Exclusion of specific services for reporting purposes.
B. Specific traffic that facilitates functionality, such as logging, management, and key exchange.
C. Acceptance of IKE and RDP traffic for communication and encryption purposes.
D. Communication with server types, such as RADIUS, CVP, UFP, TACACS, and LDAP.
Answer: A
Q15. - (Topic 1)
The customer has a small Check Point installation, which includes one SecurePlatform server working as the SmartConsole, and a second server running Windows 2008 as both Security Management Server and Security Gateway. This is an example of a(n):
A. Distributed Installation
B. Stand-Alone Installation
C. Hybrid Installation
D. Unsupported configuration
Answer: D